Login user through API

vicente1 · January 24, 2022, 3:17pm

Hi,

I am trying to implement a user login through token for clients so they can login using just a token. This is because we are trying to implement a whitelabel functionality so users from external DB can access the application without logging in our app.

Steps that I am aiming to:

Tenant user creates a user using our app. We provide a token or ID associated to auth0 for the tenant so it saves it into their DB.
The client app uses that token provided along with security measures to submit a POST request and retrieve an access token which regular users will use to access our app without going through the regular auth process.
It is important to handle the refresh token so users are not logged out too soon, in case that happens users will need to repeat the same process in order to login again.

How viable is this?

john.gateley · January 25, 2022, 2:24pm

Hi @vicente1

We do have the client credentials grant (also known as Machine to Machine) which is your “login with a token” functionality.

However, I am not sure this is the best. Are your users people or machines? If the former, you probably should not be using client credentials.

We do support 3rd party apps, where they log in to their app using your Auth0 connection. That may be appropriate.

Be careful with this one - it is not the standard login flow and so you should analyze the security of the solution you come up with carefully.

John

Topic		Replies	Views
How to get user jwt token without password? Help user-profile , user-management	4	1766	December 12, 2023
Authenticate auth0 user via API without login screen Help question	2	2764	October 1, 2022
Auth0 management-api for regular web application Help management-api , users	2	531	February 16, 2024
Connect application to user (by Client ID) Help auth0	6	3688	October 15, 2019
Authenticate without password but only with email address, client id, client secret Help api , login	5	5031	December 5, 2019

Login user through API

Related Topics